A system and method for cryptographically securing data communications between a group of networked devices establishes and maintains an overlay network at the Application Layer, on top of a unicast routing service provided at the Internetworking Layer. The overlay network provides first, the routes that are used to deliver multicast datagrams and second, the cryptographic keys used to secure multicast datagrams. A common cryptographic key is established between all members of each group, and end-to-end encryption ensures that multicast datagrams can be accessed only by authorized group members. In other embodiments, keys are established between pairs of adjacent devices in the overlay network, and hop-by-hop encryption ensures that multicast datagrams can be accessed only by overlay network members.

A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to user selected entropy store, wherein the private key generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key at at least one of the first and second devices is deleted at the end of the session.

According to the present techniques there is provided a computer implemented method of bootstrapping a device by a bootstrap server, the method comprising: receiving, at the bootstrap server from the device as part of a bootstrap process, common credential data including a trust indicator to indicate that the common credential data is common for a group of devices; obtaining, at the bootstrap server, resource credential data based on or in response to the common credential data, the resource credential data to enable the device to authenticate with a resource; transmitting, from the bootstrap server to the device, the resource credential data.

Methods, devices and systems are disclosed for inter-app communications between software applications on a mobile communications device. In one aspect, a computer-readable medium on a mobile computing device comprising an inter-application communication data structure to facilitate transitioning and distributing data between software applications in a shared app group for an operating system of the mobile computing device includes a scheme field of the data structure providing a scheme id associated with a target software app to transition to from a source software app, wherein the scheme id is listed on a scheme list stored with the source software app; and a payload field of the data structure providing data and/or an identification where to access data in a shared file system accessible to the software applications in the shared app group, wherein the payload field is encrypted.

A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Embodiments described herein provide for the pseudo-cooperative load balancing and/or distribution of traffic and/or other types of data by independent nodes. Techniques described herein may be considered “pseudo-cooperative” in that the resulting distribution of traffic and/or other data may resemble load balancing techniques in which various nodes, that serve as an ingress for data for distribution and/or other types of processing, communicate with each other (e.g., share context information) in order to perform load balancing in a coordinated or cooperative manner. In contrast, nodes in accordance with some embodiments described herein may perform load balancing with the same or similar results (e.g., a relatively even distribution of traffic and/or other data), without communicating with each other, thus saving time, processing resources, and/or other resources.

A computing device is provisioned to be remotely managed by a current owner. The device has an initial cryptographic basis of trust, and an owner identifier that facilitates establishment of communication with the current owner of the device. The ownership may change one or more times while the device may remain inoperative. Later, the device receives a transfer-of-ownership indication, which it verifies against the initial basis of trust to establish a new current owner. The device may then communicate with a device management service of the new current owner based on the transfer-of-ownership indication.

In the disclosed transaction processing system, members of an authorized network of consumers and merchants manage account information using blockchain ledgers. Because both consumers and merchants maintain copies of the blockchain, for any consumer/merchant transaction, both entities can quickly validate the transaction because both are aware, via their blockchain entries, of the current status of the account sourcing the transaction, allowing fast and accurate transaction validation without the need to incur the processing charges inherent in traditional fiat currency credit transactions.

One embodiment provides a system for facilitating distribution of quantum keys. During operation, the system receives, from a requester, a first request for a key, wherein the first request indicates a requested length for the key and identifying information of the requester. The system determines whether a subset pool of a general pool of keys is allocated to the requester based on the identifying information of the requester, wherein the keys in the general pool are generated by a quantum engine. In response to determining that a subset pool is not allocated to the requester, the system allocates a subset pool to the requester. The system obtains from the allocated subset pool a key with a length matching the requested length, and the system returns the obtained key to the requester.

According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.